CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2008-1810 264 +Priv 2008-08-01 2017-08-07
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.
352 CVE-2008-1668 264 +Priv 2008-08-13 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
353 CVE-2008-1664 DoS 2008-08-08 2017-09-28
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
354 CVE-2008-1662 16 2008-08-01 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
355 CVE-2008-1457 20 Exec Code 2008-08-13 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
356 CVE-2008-1456 20 Exec Code 2008-08-13 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
357 CVE-2008-1455 399 Exec Code Overflow Mem. Corr. 2008-08-12 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
358 CVE-2008-1448 264 Bypass 2008-08-12 2018-10-12
7.1
None Remote Medium Not required Complete None None
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
359 CVE-2008-1376 264 Bypass 2008-08-01 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
360 CVE-2008-1232 79 XSS 2008-08-03 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
361 CVE-2008-0965 134 Exec Code 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
362 CVE-2008-0964 119 Exec Code Overflow 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
363 CVE-2008-0121 399 Exec Code Mem. Corr. 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
364 CVE-2008-0120 399 Exec Code Overflow Mem. Corr. 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
365 CVE-2008-0082 200 +Info 2008-08-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
366 CVE-2007-2952 119 Exec Code Overflow 2008-08-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
367 CVE-2007-1682 119 Exec Code Overflow 2008-08-27 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.
Total number of vulnerabilities : 367   Page : 1 2 3 4 5 6 7 8 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.